Information pursuant to art. 13 of the European Regulation 679/2016
This Information is intended to inform the user/customer about the methods of personal data processing, pursuant to article 13 of the Privacy Code and articles 13 and 14 of the European Regulation (EU) 2016/679 (hereafter GDPR).
Personal Data Controller
The Data Controller is the company "Società Agricola da Porto s.s." (hereafter "the Company"), which also owns "Agriturismo Villa Selvatico”, in the person of its legal representative, with domicile elected in Vigonza (PD), via Selvatico 1.
The Company can be contacted by email at firstname.lastname@example.org.
Type of data collected and processed
The data processed by the Data Controller are of two types:
- Data provided directly by the user/customer at the time of a contact by telephone or email, through the appropriate contact form on the website www.villa-selvatico.com, through the booking form of our booking engine, or by the customer at his/her arrival for a stay at Agriturismo Villa Selvatico;
- Data collected by automated means: for example IP address, type of browser, information on the computer, email addresses from public and authorized lists, click on hyperlinks contained in the email, data related to the opening of a message, all this also through statistical traffic analysis software on our website, on the Facebook page or on other social media.
In no case the Data Controller acquire "sensitive" personal data, concerning ethnic or racial origin, political opinions, religious or philosophical beliefs, health or sexual preferences.
Purpose of the processing
The collected data are used only for internal purposes, to provide informations about the Company's activities to those who request it, for updates on activities and services, for promotional communications and invitations, for sending information material or for the fulfillment of precise obligations of law.
The data are not and will never be transferred to third parties, with the sole exception of administrative and judicial bodies and authorities by virtue of precise legal obligations.
We also point out that personal data may be processed by some of our service providers. In this case, we make sure that this transfer takes place in compliance with current legislation and that an adequate level of personal data protection is guaranteed.
In particular, as regards the making of online reservations, the user will be connected to a booking engine called KrossBooking, and provided by Solutions Plus srl, in which he can enter his own data and the data of his credit card through a secure encrypted connection (security certificate issued by Sectigo limited to Solutions plus srl).
Legal basis of the processing
The data processing put in place for these purposes are carried out with the specific consent provided by the user / customer, except for communications relating to products / services for which the treatment is based on a legitimate interest of the Controller.
With regard to the personal data requested from the user / customer as part of a request for information and / or a booking request, made by the user / customer through any of the methods mentioned above (telephone, email, information request form on our website, booking form on the Booking Engine of our website or through other touristic portals), or for the fulfillment of specific legal obligations, please note that failure to consent to the processing may affect the supply of the requested service.
Each user/customer can ask at any time to access their personal data and to correct or delete them, by sending an email to email@example.com or firstname.lastname@example.org. In the same way, the user/customer may at any time revoke the consent given to the processing, however this act does not affect the validity of the processing carried out by the Data Controller up to that time.
The retention of personal data will take place both in electronic / informatic way and on paper through the use of tools and procedures suitable for guaranteeing security and confidentiality.
In case of exercise of the right to be forgotten through the request for explicit cancellation of personal data processed by the Data Controller, we remind you that such data will be kept, in a protected form and with restricted access, solely for the purpose of ascertaining and suppressing crimes, for a period not more than 24 months from the date of the request and will subsequently be securely deleted or anonymised irreversibly.
Rights of the interested parties
Each interested subject has the right to:
- request access to his/her personal data and information relating to them; the correction of inaccurate data or the integration of incomplete data; the cancellation of personal data concerning him/her; the limitation of the processing of his/her personal data;
- requesting and obtaining his/her personal data in a structured and legible format also for the purpose of communicating such data to another data controller (so-called right to the portability of personal data);
- oppose at any time the processing his/her personal data to the occurrence of particular situations that affect you;
- revoke the consent at any time for one or more specific purposes or particular categories of data;
- to propose a complaint to a supervisory authority (Authority for the protection of personal data - www.garanteprivacy.it).